Lucene search

8 matches found

NVD
added 2026/02/03 10:16 p.m. | 3 views

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVSS 8.8 | EPSS 0.00138
Exploits: 1 | References: 3

CVE
added 2026/01/27 3:23 p.m. | 10 views

CVE-2020-36942

CVE-2020-36942 affects Victor CMS 1.0: authenticated users can upload PHP files via the profile image upload, enabling a PHP shell in the /img directory and browser-based command execution. The entry notes high impact to confidentiality, integrity, and availability. The documents do not provide a...

CVSS 8.8 | AI score 6 | EPSS 0.00151
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/01/27 12:0 a.m. | 5 views

PT-2026-4924

Name of the Vulnerable Software and Affected Versions: Victor CMS version 1.0. Description: Victor CMS version 1.0 has a file upload issue. Authenticated users can upload malicious PHP files through the profile image upload feature. An attacker can upload a PHP shell to the /img directory and execut...

CVSS 8.8 | AI score 5.6 | EPSS 0.00151
Exploits: 1 | References: 6

Cvelist
added 2009/05/06 4:0 p.m. | 19 views

CVE-2009-1556

img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the nextfile parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerabili...

AI score 6.2 | EPSS 0.00225
Exploits: 1 | References: 4

NVD
added 2009/04/06 4:30 p.m. | 10 views

CVE-2008-6612

Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/...

CVSS 6.8 | AI score 7.7 | EPSS 0.05819
Exploits: 1 | References: 5

Saint
added 2006/09/08 12:0 a.m. | 21 views

TikiWiki file upload vulnerability (jhot.php)

Added: 09/08/2006 | CVE: CVE-2006-4602 | BID: 19819 | OSVDB: 28456. Background: TikiWiki is a multi-purpose web content management system written in PHP. Problem: The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...

CVSS 7.5 | AI score 6.8 | EPSS 0.83363
Exploits: 8

NVD
added 2006/05/31 10:6 a.m. | 9 views

CVE-2006-2695

admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory...

CVSS 5.1 | AI score 7.7 | EPSS 0.02047
Exploits: 0 | References: 5

Cvelist
added 2006/05/31 10:0 a.m. | 12 views

CVE-2006-2695

admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory...

AI score 7.7 | EPSS 0.02047
Exploits: 0 | References: 5